[75263] in North American Network Operators' Group


Re: Important IPv6 Policy Issue -- Your Input Requested

daemon@ATHENA.MIT.EDU (Adam Rothschild)
Tue Nov 9 17:35:18 2004

Date: Tue, 9 Nov 2004 17:34:55 -0500
From: Adam Rothschild <asr+nanog@latency.net>
To: "Network.Security" <Network.Security@target.com>
Cc: nanog@merit.edu
In-Reply-To: <DDC7F6127D700C4496571A94C242AA79012180A2@EMAILSTORE13.target.com>
Errors-To: owner-nanog-outgoing@merit.edu


On 2004-11-09-17:10:02, "Network.Security" <Network.Security@target.com> wrote:
> We receive a disturbingly large amount of traffic sourced from the 1918
> space destined for our network coming from one of our normally
> respectable Tier 1 ISPs (three letter acronym, starts with 'M', ends
> with 'CI').
> 
> This is particularly irritating since we pay for burstable service; nice
> that we are paying for illegitimate traffic to come down our pipes.
> Their answer to this issue was:  our routers can't handle the additional
> load that filtering 1918 traffic would cause.
> 
> That's odd, I didn't think routing to Null0 (or equivalent) was all that
> taxing, I don't want an ACL, I want it gone [...]

Null routes aren't going to stop packets with 1918 *sources* from
entering your network, I'm afraid.  This is where ACLs come into
play.

And it's quite conceivable, on a network of MCI's size, there are
still peering and edge ports terminated by GSRs with engine 0 cards,
or 7500s, or other hardware where bogon filtering and/or reverse-path
validation really is a Big Deal(tm).

-a 
 (computing VJ's cell phone bill on the WRT54G as we speak)
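
An added illustration, not part of the message above or of any vendor's implementation: a simplified Python model of the point made in the reply, that a null route is matched on the packet's destination only, while a source ACL or a loose reverse-path check looks at the source. The forwarding table, the 198.51.100.0/24 "customer" prefix, the sample packets and all function names are constructed for this example; the loose check here accepts a default route as a valid return path, which is a simplifying assumption.

```python
import ipaddress

# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed forwarding table: (prefix, next hop). "Null0" means discard.
# 198.51.100.0/24 (a documentation prefix) stands in for the customer network.
FIB = [(net, "Null0") for net in RFC1918] + [
    (ipaddress.ip_network("198.51.100.0/24"), "customer-port"),
    (ipaddress.ip_network("0.0.0.0/0"), "upstream"),
]

def lookup(addr):
    """Longest-prefix match for one address; returns the next hop or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, hop) for net, hop in FIB if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def null_route_only(src, dst):
    """Plain forwarding: only dst is looked up, src is never examined."""
    hop = lookup(dst)
    return "drop" if hop in (None, "Null0") else "forward:" + hop

def with_source_acl(src, dst):
    """Ingress ACL denying RFC 1918 sources, then normal forwarding."""
    if any(ipaddress.ip_address(src) in net for net in RFC1918):
        return "drop"
    return null_route_only(src, dst)

def with_loose_rpf(src, dst):
    """Loose reverse-path check: drop if the route back to src is absent or Null0."""
    if lookup(src) in (None, "Null0"):
        return "drop"
    return null_route_only(src, dst)

# Constructed sample packets: (source, destination).
SAMPLES = [
    ("10.1.2.3", "198.51.100.10"),     # RFC 1918 source, customer destination
    ("203.0.113.7", "198.51.100.10"),  # public source, customer destination
    ("203.0.113.7", "10.9.9.9"),       # public source, RFC 1918 destination
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, "|", null_route_only(src, dst),
              "|", with_source_acl(src, dst), "|", with_loose_rpf(src, dst))
```

The first sample is the case from the thread: the null routes leave it untouched because its destination is routable, and only the checks that inspect the source drop it.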
